package com.sun.xml.xwss;

import com.sun.xml.ws.api.SOAPVersion;
import com.sun.xml.ws.api.message.Messages;
import com.sun.xml.ws.api.message.Packet;
import com.sun.xml.ws.api.model.wsdl.WSDLPort;
import com.sun.xml.ws.api.pipe.Pipe;
import com.sun.xml.ws.api.pipe.PipeCloner;
import com.sun.xml.ws.api.server.Container;
import com.sun.xml.ws.api.server.WSEndpoint;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.PolicyViolationException;
import com.sun.xml.wss.impl.ProcessingContextImpl;
import com.sun.xml.wss.impl.SecurableSoapMessage;
import com.sun.xml.wss.impl.SecurityAnnotator;
import com.sun.xml.wss.impl.SecurityRecipient;
import com.sun.xml.wss.impl.WssSoapFaultException;
import com.sun.xml.wss.impl.config.ApplicationSecurityConfiguration;
import com.sun.xml.wss.impl.config.DeclarativeSecurityConfiguration;
import com.sun.xml.wss.impl.configuration.StaticApplicationContext;
import com.sun.xml.wss.impl.misc.SecurityUtil;
import com.sun.xml.wss.impl.policy.SecurityPolicy;
import java.io.InputStream;
import java.net.URL;
import javax.servlet.ServletContext;
import javax.xml.namespace.QName;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPConstants;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPFactory;
import javax.xml.soap.SOAPFault;
import javax.xml.soap.SOAPMessage;
import javax.xml.ws.WebServiceException;
import javax.xml.ws.soap.SOAPFaultException;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/xwss/XWSSServerPipe.class */
public class XWSSServerPipe implements Pipe {
    protected Pipe nextPipe;
    private WSEndpoint endPoint;
    private WSDLPort port;
    private SecurityConfiguration config;
    protected SOAPFactory soapFactory;
    protected MessageFactory messageFactory;
    protected SOAPVersion soapVersion;
    protected boolean isSOAP12;
    protected static final String FAILURE = "com.sun.xml.ws.shd.failure";
    protected static final String TRUE = "true";
    protected static final String FALSE = "false";
    protected static final String CONTEXT_WSDL_OPERATION = "com.sun.xml.ws.wsdl.operation";
    private static final String SERVLET_CONTEXT_CLASSNAME = "javax.servlet.ServletContext";
    private static final String ENCRYPTED_BODY_QNAME = "{http://www.w3.org/2001/04/xmlenc#}EncryptedData";

    public XWSSServerPipe(WSEndpoint wSEndpoint, WSDLPort wSDLPort, Pipe pipe) {
        this.config = null;
        this.soapFactory = null;
        this.messageFactory = null;
        this.soapVersion = null;
        this.isSOAP12 = false;
        this.endPoint = wSEndpoint;
        this.port = wSDLPort;
        this.nextPipe = pipe;
        try {
            this.config = new SecurityConfiguration(getServerConfig());
            this.soapVersion = this.endPoint.getBinding().getSOAPVersion();
            this.isSOAP12 = this.soapVersion == SOAPVersion.SOAP_12;
            this.soapFactory = this.soapVersion.saajSoapFactory;
            this.messageFactory = this.soapVersion.saajMessageFactory;
        } catch (XWSSecurityException e) {
            throw new WebServiceException(e);
        }
    }

    public XWSSServerPipe(XWSSServerPipe xWSSServerPipe) {
        this.config = null;
        this.soapFactory = null;
        this.messageFactory = null;
        this.soapVersion = null;
        this.isSOAP12 = false;
        this.nextPipe = xWSSServerPipe.nextPipe;
        this.endPoint = xWSSServerPipe.endPoint;
        this.port = xWSSServerPipe.port;
        this.soapFactory = xWSSServerPipe.soapFactory;
        this.messageFactory = xWSSServerPipe.messageFactory;
        this.soapVersion = xWSSServerPipe.soapVersion;
        this.isSOAP12 = xWSSServerPipe.isSOAP12;
        this.config = xWSSServerPipe.config;
    }

    @Override // com.sun.xml.ws.api.pipe.Pipe
    public Packet process(Packet packet) {
        try {
            Packet validateRequest = validateRequest(packet);
            if (TRUE.equals(validateRequest.invocationProperties.get(FAILURE))) {
                return validateRequest;
            }
            Packet process = this.nextPipe.process(validateRequest);
            return process.getMessage() == null ? process : secureResponse(process);
        } catch (Exception e) {
            throw new WebServiceException(e);
        }
    }

    @Override // com.sun.xml.ws.api.pipe.Pipe
    public void preDestroy() {
    }

    @Override // com.sun.xml.ws.api.pipe.Pipe
    public Pipe copy(PipeCloner pipeCloner) {
        Pipe pipe = null;
        if (this.nextPipe != null) {
            pipe = pipeCloner.copy((PipeCloner) this.nextPipe);
        }
        XWSSServerPipe xWSSServerPipe = new XWSSServerPipe(this);
        xWSSServerPipe.setNextPipe(pipe);
        pipeCloner.add(this, xWSSServerPipe);
        return xWSSServerPipe;
    }

    public void setNextPipe(Pipe pipe) {
        this.nextPipe = pipe;
    }

    private InputStream getServerConfigStream() {
        String str = "/WEB-INF/" + this.endPoint.getServiceName().getLocalPart() + "_security_config.xml";
        ServletContext servletContext = (ServletContext) this.endPoint.getContainer().getSPI(ServletContext.class);
        if (servletContext == null) {
            return null;
        }
        InputStream resourceAsStream = servletContext.getResourceAsStream(str);
        if (resourceAsStream == null) {
            resourceAsStream = servletContext.getResourceAsStream("/WEB-INF/server_security_config.xml");
        }
        return resourceAsStream;
    }

    private URL getServerConfig() {
        String localPart = this.endPoint.getServiceName().getLocalPart();
        Container container = this.endPoint.getContainer();
        Object obj = null;
        if (container != null) {
            try {
                obj = container.getSPI(Class.forName(SERVLET_CONTEXT_CLASSNAME));
            } catch (ClassNotFoundException e) {
            }
        }
        if (obj != null) {
            URL loadFromContext = SecurityUtil.loadFromContext("/WEB-INF/server_security_config.xml", obj);
            if (loadFromContext == null) {
                loadFromContext = SecurityUtil.loadFromContext("/WEB-INF/" + localPart + "_security_config.xml", obj);
            }
            if (loadFromContext != null) {
                return loadFromContext;
            }
            return null;
        }
        URL loadFromClasspath = SecurityUtil.loadFromClasspath("META-INF/server_security_config.xml");
        if (loadFromClasspath == null) {
            loadFromClasspath = SecurityUtil.loadFromClasspath("META-INF/" + localPart + "_security_config.xml");
        }
        if (loadFromClasspath != null) {
            return loadFromClasspath;
        }
        return null;
    }

    public Packet validateRequest(Packet packet) throws Exception {
        if (this.config == null) {
            return packet;
        }
        SOAPMessage readAsSOAPMessage = packet.getMessage().readAsSOAPMessage();
        try {
            StaticApplicationContext staticApplicationContext = new StaticApplicationContext(getPolicyContext(packet));
            ProcessingContextImpl processingContextImpl = new ProcessingContextImpl(packet.invocationProperties);
            processingContextImpl.setSOAPMessage(readAsSOAPMessage);
            String operationName = getOperationName(readAsSOAPMessage);
            ApplicationSecurityConfiguration securityConfiguration = this.config.getSecurityConfiguration();
            if (operationName.equals(ENCRYPTED_BODY_QNAME) && securityConfiguration.hasOperationPolicies()) {
                ApplicationSecurityConfiguration applicationSecurityConfiguration = (ApplicationSecurityConfiguration) securityConfiguration.getSecurityPolicies(staticApplicationContext).next();
                if (applicationSecurityConfiguration != null) {
                    processingContextImpl.setPolicyContext(staticApplicationContext);
                    processingContextImpl.setSecurityPolicy(applicationSecurityConfiguration);
                } else {
                    ApplicationSecurityConfiguration applicationSecurityConfiguration2 = (ApplicationSecurityConfiguration) securityConfiguration.getAllTopLevelApplicationSecurityConfigurations().iterator().next();
                    processingContextImpl.setPolicyContext(staticApplicationContext);
                    processingContextImpl.setSecurityPolicy(applicationSecurityConfiguration2);
                }
            } else {
                staticApplicationContext.setOperationIdentifier(operationName);
                packet.invocationProperties.put(CONTEXT_WSDL_OPERATION, operationName);
                SecurityPolicy securityConfiguration2 = securityConfiguration.getSecurityConfiguration(staticApplicationContext);
                processingContextImpl.setPolicyContext(staticApplicationContext);
                if (PolicyTypeUtil.declarativeSecurityConfiguration(securityConfiguration2)) {
                    processingContextImpl.setSecurityPolicy(((DeclarativeSecurityConfiguration) securityConfiguration2).receiverSettings());
                } else {
                    processingContextImpl.setSecurityPolicy(securityConfiguration2);
                }
            }
            processingContextImpl.setSecurityEnvironment(this.config.getSecurityEnvironment());
            processingContextImpl.isInboundMessage(true);
            if (securityConfiguration.retainSecurityHeader()) {
                processingContextImpl.retainSecurityHeader(true);
            }
            SecurityRecipient.validateMessage(processingContextImpl);
            packet.invocationProperties.put(CONTEXT_WSDL_OPERATION, getOperationName(readAsSOAPMessage));
            packet.setMessage(Messages.create(processingContextImpl.getSOAPMessage()));
            return packet;
        } catch (XWSSecurityException e) {
            WssSoapFaultException newSOAPFaultException = SecurableSoapMessage.newSOAPFaultException(e.getCause() instanceof PolicyViolationException ? MessageConstants.WSSE_RECEIVER_POLICY_VIOLATION : MessageConstants.WSSE_FAILED_AUTHENTICATION, e.getMessage(), e);
            packet.invocationProperties.put(FAILURE, TRUE);
            addFault(newSOAPFaultException, readAsSOAPMessage, this.isSOAP12);
            packet.setMessage(Messages.create(readAsSOAPMessage));
            return packet;
        } catch (WssSoapFaultException e2) {
            packet.invocationProperties.put(FAILURE, TRUE);
            addFault(e2, readAsSOAPMessage, this.isSOAP12);
            packet.setMessage(Messages.create(readAsSOAPMessage));
            return packet;
        }
    }

    public Packet secureResponse(Packet packet) throws Exception {
        if (this.config == null) {
            return packet;
        }
        try {
            ProcessingContextImpl processingContextImpl = new ProcessingContextImpl(packet.invocationProperties);
            String str = (String) packet.invocationProperties.get(CONTEXT_WSDL_OPERATION);
            StaticApplicationContext staticApplicationContext = new StaticApplicationContext(getPolicyContext(packet));
            staticApplicationContext.setOperationIdentifier(str);
            SecurityPolicy securityConfiguration = this.config.getSecurityConfiguration().getSecurityConfiguration(staticApplicationContext);
            processingContextImpl.setPolicyContext(staticApplicationContext);
            if (PolicyTypeUtil.declarativeSecurityConfiguration(securityConfiguration)) {
                processingContextImpl.setSecurityPolicy(((DeclarativeSecurityConfiguration) securityConfiguration).senderSettings());
            } else {
                processingContextImpl.setSecurityPolicy(securityConfiguration);
            }
            processingContextImpl.setSecurityEnvironment(this.config.getSecurityEnvironment());
            processingContextImpl.isInboundMessage(false);
            processingContextImpl.setSOAPMessage(packet.getMessage().readAsSOAPMessage());
            SecurityAnnotator.secureMessage(processingContextImpl);
            packet.setMessage(Messages.create(processingContextImpl.getSOAPMessage()));
            return packet;
        } catch (XWSSecurityException e) {
            packet.setMessage(Messages.create(getSOAPFault(SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INTERNAL_SERVER_ERROR, e.getMessage(), e))));
            return packet;
        } catch (WssSoapFaultException e2) {
            packet.setMessage(Messages.create(getSOAPFault(e2)));
            return packet;
        }
    }

    private StaticApplicationContext getPolicyContext(Packet packet) {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext((StaticApplicationContext) this.config.getSecurityConfiguration().getAllContexts().next());
        QName qName = null;
        if (this.port != null) {
            qName = this.port.getName();
        }
        staticApplicationContext.setPortIdentifier(qName == null ? "" : qName.toString());
        return staticApplicationContext;
    }

    public void addFault(WssSoapFaultException wssSoapFaultException, SOAPMessage sOAPMessage, boolean z) throws SOAPException {
        SOAPBody sOAPBody = sOAPMessage.getSOAPBody();
        sOAPBody.removeContents();
        sOAPMessage.removeAllAttachments();
        QName faultCode = wssSoapFaultException.getFaultCode();
        if (faultCode == null) {
            faultCode = new QName("http://schemas.xmlsoap.org/soap/envelope/", "Client");
        }
        if (z) {
            sOAPBody.addFault(SOAPConstants.SOAP_SENDER_FAULT, wssSoapFaultException.getMessage()).appendFaultSubcode(faultCode);
        } else {
            sOAPBody.addFault(faultCode, wssSoapFaultException.getMessage());
        }
        NodeList elementsByTagNameNS = sOAPMessage.getSOAPPart().getEnvelope().getElementsByTagNameNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", MessageConstants.WSSE_SECURITY_LNAME);
        if (elementsByTagNameNS.getLength() > 0) {
            Node item = elementsByTagNameNS.item(0);
            item.getParentNode().removeChild(item);
        }
    }

    protected SOAPFault getSOAPFault(WssSoapFaultException wssSoapFaultException) {
        SOAPFault createFault;
        try {
            if (this.isSOAP12) {
                createFault = this.soapFactory.createFault(wssSoapFaultException.getFaultString(), SOAPConstants.SOAP_SENDER_FAULT);
                createFault.appendFaultSubcode(wssSoapFaultException.getFaultCode());
            } else {
                createFault = this.soapFactory.createFault(wssSoapFaultException.getFaultString(), wssSoapFaultException.getFaultCode());
            }
            return createFault;
        } catch (Exception e) {
            throw new RuntimeException("Security Pipe: Internal Error while trying to create a SOAPFault");
        }
    }

    public SOAPFaultException getSOAPFaultException(WssSoapFaultException wssSoapFaultException, boolean z) {
        SOAPFault createFault;
        try {
            if (z) {
                createFault = this.soapFactory.createFault(wssSoapFaultException.getFaultString(), SOAPConstants.SOAP_SENDER_FAULT);
                createFault.appendFaultSubcode(wssSoapFaultException.getFaultCode());
            } else {
                createFault = this.soapFactory.createFault(wssSoapFaultException.getFaultString(), wssSoapFaultException.getFaultCode());
            }
            return new SOAPFaultException(createFault);
        } catch (Exception e) {
            throw new RuntimeException(this + ": Internal Error while trying to create a SOAPFault");
        }
    }

    private String getOperationName(SOAPMessage sOAPMessage) throws Exception {
        if (sOAPMessage == null) {
            throw new XWSSecurityException("SOAPMessage in message context is null");
        }
        SOAPBody sOAPBody = sOAPMessage.getSOAPBody();
        if (sOAPBody == null) {
            throw new XWSSecurityException("No body element identifying an operation is found");
        }
        StringBuffer stringBuffer = new StringBuffer("");
        for (Node firstChild = sOAPBody.getFirstChild(); firstChild != null; firstChild = firstChild.getNextSibling()) {
            stringBuffer.append("{" + firstChild.getNamespaceURI() + "}" + firstChild.getLocalName() + ":");
        }
        String stringBuffer2 = stringBuffer.toString();
        return stringBuffer2.length() > 0 ? stringBuffer2.substring(0, stringBuffer2.length() - 1) : stringBuffer2;
    }
}
